SRX Services Gateway
Highlighted
SRX Services Gateway

SRX1500 Capactiy

Friday

Hi,

I have a SRX1500, how can I determinie what capacty % I am using of the firewall when at my peak traffic time for the day? Around 10am is when the firewall is being used most, but aside from looking at CPU all looks as if its not doing much. I want to know from my current traffic how much more I can increase it by. So ideally I can say I'm using X % of the SRX 1500. 

 

Routing Engine status:
    Temperature                 40 degrees C / 104 degrees F
    CPU temperature             40 degrees C / 104 degrees F
    Total memory              1954 MB Max   586 MB used ( 30 percent)
    Memory utilization          30 percent
    5 sec CPU utilization:
      User                       0 percent
      Background                 0 percent
      Kernel                     1 percent
      Interrupt                  1 percent
      Idle                      98 percent
    1 min CPU utilization:
      User                       0 percent
      Background                 0 percent
      Kernel                     1 percent
      Interrupt                  1 percent
      Idle                      98 percent
    5 min CPU utilization:
      User                       0 percent
      Background                 0 percent
      Kernel                     1 percent
      Interrupt                  1 percent
      Idle                      98 percent
    15 min CPU utilization:
      User                       0 percent
      Background                 0 percent
      Kernel                     1 percent
      Interrupt                  1 percent
      Idle                      98 percent
    Model                          SRX Routing Engine
    Serial ID                      BUILTIN
    Start time                     2017-11-01 15:00:37 GMT
    Uptime                         281 days, 18 hours, 2 minutes, 2 seconds
    Last reboot reason             0x10:misc hardware reason
    Load averages:                 1 minute   5 minute  15 minute
                                       0.05       0.07       0.02
FWDD status:
  State                                 Online
  Microkernel CPU utilization         0 percent
  Real-time threads CPU utilization   5 percent
  Heap utilization                   18 percent
  Buffer utilization                 50 percent
  Uptime:                               281 days, 17 hours, 56 minutes, 48 seconds
FPC 0
  PIC 0
    CPU utilization          :    1 %
    Memory utilization       :   18 %
    Current flow session     : 2438
    Current flow session IPv4: 2438
    Current flow session IPv6:    0
    Max flow session         : 2097152
Total Session Creation Per Second (for last 96 seconds on average):  109
IPv4  Session Creation Per Second (for last 96 seconds on average):  109
IPv6  Session Creation Per Second (for last 96 seconds on average):    0
6 REPLIES
SRX Services Gateway

Re: SRX1500 Capactiy

Friday

Hi, VOIPBunny

Based on your explanation I believe you are looking to monitor throughput rather than CPU utilization. For this you can use sum up all the incoming bytes and packets the SRX in receiving in all its interfaces (per second) and then compare the result with the SRX specs.

 

Command: > monitor interface traffic

 

	SRX1500-R002                      Seconds: 17                  Time: 10:16:28

	Interface    Link  Input packets        (pps)     Output packets        (pps)
	 ge-0/0/0      Up              0          (0)                0          (0)
	 gr-0/0/0      Up              0          (0)                0          (0)
	 ip-0/0/0      Up              0          (0)                0          (0)
	 lt-0/0/0      Up              0          (0)                0          (0)
	 ge-0/0/1      Up        1152091          (0)          1151378          (0)
	 ge-0/0/2    Down              0          (0)                0          (0)
	 ge-0/0/3    Down              0          (0)                0          (0)
	 ge-0/0/4      Up        1521538          (1)          1521593          (1)
	 ge-0/0/5    Down              0          (0)                0          (0)
	 ge-0/0/6    Down              0          (0)                0          (0)
	 ge-0/0/7    Down              0          (0)                0          (0)
	 ge-0/0/8    Down              0          (0)                0          (0)
	 ge-0/0/9    Down              0          (0)                0          (0)
	 ge-0/0/10   Down              0          (0)                0          (0)
	 ge-0/0/11   Down              0          (0)                0          (0)
	 ge-0/0/12   Down              0          (0)                0          (0)
	 ge-0/0/13   Down              0          (0)                0          (0)
	 ge-0/0/14   Down              0          (0)                0          (0)
	 ge-0/0/15   Down              0          (0)                0          (0)

	Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D

Total input packets per second in below output: 1

 

 

Pressing letter B, when the output is running, will change the results displayed to bits per second:

 

SRX1500-R002                      Seconds: 36                  Time: 10:16:47

Interface    Link     Input bytes        (bps)      Output bytes        (bps)
 ge-0/0/0      Up               0          (0)                 0          (0)
 gr-0/0/0      Up               0          (0)                 0          (0)
 ip-0/0/0      Up               0          (0)                 0          (0)
 lt-0/0/0      Up               0          (0)                 0          (0)
 ge-0/0/1      Up        96782875          (0)          96747665          (0)
 ge-0/0/2    Down               0          (0)                 0          (0)
 ge-0/0/3    Down               0          (0)                 0          (0)
 ge-0/0/4      Up       216081068       (2264)         216069947       (2264)
 ge-0/0/5    Down               0          (0)                 0          (0)
 ge-0/0/6    Down               0          (0)                 0          (0)
 ge-0/0/7    Down               0          (0)                 0          (0)
 ge-0/0/8    Down               0          (0)                 0          (0)
 ge-0/0/9    Down               0          (0)                 0          (0)
 ge-0/0/10   Down               0          (0)                 0          (0)
 ge-0/0/11   Down               0          (0)                 0          (0)
 ge-0/0/12   Down               0          (0)                 0          (0)
 ge-0/0/13   Down               0          (0)                 0          (0)
 ge-0/0/14   Down               0          (0)                 0          (0)
 ge-0/0/15   Down               0          (0)                 0          (0)

Bytes=b, Clear=c, Delta=d, Packets=p, Quit=q or ESC, Rate=r, Up=^U, Down=^D

Total input bits per second in the below output: 2264

 

On SRX1500 datasheet you can find the supported pps and bps for this platform:

 https://www.juniper.net/assets/us/en/local/pdf/datasheets/1000551-en.pdf

 

Routing/firewall (64 B packet size) Mpps: 1.7

Routing/firewall (IMIX packet size) Gbps: 5

 

Note that the numbers showing up in the datasheet are just for reference. For your SRX to handle those numbers you need to make sure that the traffic passing your SRX is UDP and that it is sent like the tests mentioned in RFC2544. Still these numbers gives you an idea.

 

Another commands you can use to monitor CPU and session utilization at a given time are the following.

 

CPU utilization in last 60 seconds:

 

{primary:node0}
root@SRX1500-R002> show security monitoring performance spu
node0:
--------------------------------------------------------------------------
fpc  0  pic  0
Last 60 seconds:
 0:   0   1:   0   2:   0   3:   0   4:   0   5:   0
 6:   0   7:   0   8:   0   9:   0  10:   0  11:   0
12:   0  13:   0  14:   0  15:   0  16:   0  17:   0
18:   0  19:   0  20:   0  21:   0  22:   0  23:   0
24:   0  25:   0  26:   0  27:   0  28:   0  29:   0
30:   0  31:   0  32:   0  33:   0  34:   0  35:   0
36:   0  37:   0  38:   0  39:   0  40:   0  41:   0
42:   0  43:   0  44:   0  45:   0  46:   0  47:   0
48:   0  49:   0  50:   0  51:   0  52:   0  53:   0
54:   0  55:   0  56:   0  57:   0  58:   0  59:   0

Session utilization in last 60 seconds:

 

 

{primary:node0}
root@SRX1500-R002> show security monitoring performance session
node0:
--------------------------------------------------------------------------
fpc  0  pic  0
Last 60 seconds:
 0:       0   1:       0   2:       0   3:       0   4:       0   5:       0
 6:       0   7:       0   8:       0   9:       0  10:       0  11:       0
12:       0  13:       0  14:       0  15:       0  16:       0  17:       0
18:       0  19:       0  20:       0  21:       0  22:       0  23:       0
24:       0  25:       0  26:       0  27:       0  28:       0  29:       0
30:       0  31:       0  32:       0  33:       0  34:       0  35:       0
36:       0  37:       0  38:       0  39:       0  40:       0  41:       0
42:       0  43:       0  44:       0  45:       0  46:       0  47:       0
48:       0  49:       0  50:       0  51:       0  52:       0  53:       0
54:       0  55:       0  56:       0  57:       0  58:       0  59:       0

 

I hope this information helps you!

 

 

Pura Vida from Costa Rica - Kudos are appreciated!
Mark as Resolved if it applies.
SRX Services Gateway

Re: SRX1500 Capactiy

Monday

Thank for this info, its very helpful. One last question in regards to IPVPN which specs on the datasheet should I be looking at Routing/firewall or IPsec VPN.

SRX Services Gateway

Re: SRX1500 Capactiy

Monday

Hi,

 

I ran what you suggested, pps I'm at around 15,000, bps is below. I'm mainly carrying UDP media which is 214 bytes a packet. So I still really have no idea what my utilisation is of my SRX?

 

 

Interface    Link     Input bytes        (bps)      Output bytes        (bps)
 ge-0/0/0      Up      7607315898       (2264)      546397537152     (317488)
 gr-0/0/0      Up               0          (0)                 0          (0)
 ip-0/0/0      Up               0          (0)                 0          (0)
 ge-0/0/1      Up      6991681564       (2264)        6991637102       (2272)
 ge-0/0/2    Down               0          (0)                 0          (0)
 ge-0/0/3    Down               0          (0)                 0          (0)
 ge-0/0/4    Down               0          (0)                 0          (0)
 ge-0/0/5    Down               0          (0)                 0          (0)
 ge-0/0/6      Up  36339881876309   (24525616)    40668727964979   (26557152)
 ge-0/0/7      Up  40978854914931   (26754872)    36499164273037   (24678272)
 ge-0/0/8    Down               0          (0)                 0          (0)
 ge-0/0/9      Up      2241058802          (0)        1835445101          (0)
 ge-0/0/10     Up      2919049206          (0)             48552          (0)
 ge-0/0/11     Up       793993234       (2272)         731767762       (1968)
 ge-0/0/12   Down               0          (0)                 0          (0)
 ge-0/0/13   Down               0          (0)                 0          (0)
 ge-0/0/14   Down               0          (0)                 0          (0)
 ge-0/0/15   Down               0          (0)                 0          (0)
 xe-0/0/16   Down               0          (0)                 0          (0)
 xe-0/0/17   Down               0          (0)                 0          (0)
 xe-0/0/18   Down               0          (0)                 0          (0)
 xe-0/0/19   Down               0          (0)                 0          (0)
 ge-7/0/0      Up    557697572526     (332496)      214999856430       (2264)
 ge-7/0/1      Up     11034968575       (2264)       10788652772       (2264)
 ge-7/0/2    Down               0          (0)                 0          (0)
 ge-7/0/3    Down               0          (0)                 0          (0)
 ge-7/0/4    Down               0          (0)                 0          (0)
 ge-7/0/5    Down               0          (0)                 0          (0)
 ge-7/0/6      Up  21500008741887        (760)    20050839574313          (0)
 ge-7/0/7      Up  20306073186158      (39512)    21587112737778          (0)
 ge-7/0/8    Down               0          (0)                 0          (0)
 ge-7/0/9    Down      1985952423          (0)              5838          (0)
 ge-7/0/10     Up      2919030381          (0)                 0          (0)
 ge-7/0/11   Down               0          (0)                 0          (0)
 ge-7/0/12   Down               0          (0)                 0          (0)
 ge-7/0/13   Down               0          (0)                 0          (0)
 ge-7/0/14   Down               0          (0)                 0          (0)
 ge-7/0/15   Down               0          (0)                 0          (0)
 xe-7/0/16   Down               0          (0)                 0          (0)
 xe-7/0/17   Down               0          (0)                 0          (0)
 xe-7/0/18   Down               0          (0)                 0          (0)
 xe-7/0/19   Down               0          (0)                 0          (0)
 dsc           Up               0                              0
 em0           Up               0                              0
 em1           Up               0                              0
 em2           Up               0                              0
 fab0          Up     14598997462       (4528)      553389174254     (319760)
 fab1          Up    568732541101     (334760)      225788509202       (4528)
 fxp0          Up               0                              0
 gre           Up               0                              0
 ipip          Up               0                              0
SRX Services Gateway

Re: SRX1500 Capactiy

Monday

Hi,

You should be looking at "IPsec VPN (IMIX packet size) Gbps". This is the performance/throughput that the firewall would provide when sending traffic over a VPN tunnel. Still remember these are numbers just for reference and that the only way to achieve these will be to perform the tests as stated in RFC2544. VOIPBunny please mark as Resolved if the information provided helped you Smiley Wink

Pura Vida from Costa Rica - Kudos are appreciated!
Mark as Resolved if it applies.
SRX Services Gateway

Re: SRX1500 Capactiy

[ Edited ]
Monday

VOIPBunny,

 

The output is showing bps and not pps. The sum of all the incoming traffic in bps is: 52001608 bps (0.052 Gbps)

 

2264+ 2264+ 24525616+ 26754872+ 2272+ 332496+ 2264+ 760+ 39512+ 4528+ 334760= 52001608 bps

 

As we saw, you SRX supports 5 Gbps (100% of utilization) but currently it is handling 0.052 Gbps (1.04% of utilization).

 

 (0.052/5)*100= 1.04% of utilzation

 

Perform the same test with pps and you can tell the utilization on that aspect too.

 

 

Pura Vida from Costa Rica - Kudos are appreciated!
Mark as Resolved if it applies.
SRX Services Gateway

Re: SRX1500 Capactiy

7 hours ago

Hi,

 

I think you have done you calculation based on bits and not Bytes?

 

Thanks